Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0

Cross-Site Scripting (XSS) Vulnerability in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0

CVE-2023-48432 · Severity

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail.

Learn more about our Web App Pen Testing.